Online banking is about more than cost cutting. Banks are just waking up to its potential for increased revenue and new business opportunities. In this context, online security is not just a cost of business to be weighed against losses to fraud. It is the key that opens the door. But it will only work if banks change the way they build a business case for trust and security.

Every business unit in a bank needs a presence online. People expect to do more online and banks that meet these expectations will gain a competitive advantage over those who see the internet as nothing more than a way to cut costs. Bank innovation and vision lead the way but trust and security form a barrier; customers will only use the online channel if they trust it. ‘Good enough’ security isn’t good enough anymore.

In this context, banks need to re-evaluate their cost-benefit calculations for online security. If they only count the cost of fraud they will miss the bigger picture. Poor security has a significant opportunity cost. Banks should focus on the benefits of moving a customer online and getting them to buy more when they get there. Increased security makes each customer more valuable and more profitable.

The security paradox

Which came first, the chicken or the egg? Or, to put it into banking terms, which came first, improved online security or new online services? It’s a common mistake to believe that current levels of bank security, and particularly static passwords, are sufficient and don’t need to be improved.

In reality, when security is poor, everyone focuses on the cost of fraud and the difficulty of developing new services in an insecure environment. This makes it hard to upgrade security and hard to develop new business opportunities.

The real cost of insecurity

The cost of any fraud incident can be divided into several parts:

• Direct costs are the money you actually lose to online criminals, the cost of communicating with customers and the expense of reimbursing the customer for their losses.
• Indirect costs include the cost of understanding the attack, performing forensic analysis, chasing the perpetrators and implementing technical fixes in a hurry. It also includes the loss of focus and cost of time spent dealing with incident and its consequences.
• Reputational costs are harder to measure but are often much greater than the direct costs. For example, lost customers, falling share prices, increased reluctance to transact online, less use of credit cards and increased ATM withdrawals. There is a personal cost too as customers assign some of the blame for security problems to their bank. For example, a recent survey in the US found that four in ten businesses switched banks after suffering a fraud incident.

In many cases, banks base their business case for improved security on the direct costs alone. This is rarely enough to justify an investment in stronger security, such as two-factor authentication. Yet, it only takes account of a tiny proportion of the total cost. This false consciousness is the root cause of the security paradox.

To break the paradox, you need to have a baseline of trust and security. Customers need to feel confident to transact with you online. Staff need to be free to focus on business development and service innovation rather than firefighting security problems on a daily basis.

The future of banking

This brings me to the fourth cost of poor security: the opportunity cost of delayed innovation and missed business opportunities. Only once a secure foundation exists, can banks build new high-value services online.

The trend in Northern Europe is for branches to switch focus from low-value transactions, such as cash withdrawals and cheque deposits, to high value sales, such as loans, financial and business advice. The branch becomes a venue where bank can meet their affluent customers.

In Sweden, Nordea has already opened cash-less branches. In the UK, Nationwide has started charging a small fee for cash withdrawals in the branch. Another trend sees banks buying real estate companies in order to put their mortgages and insurance in front of house buyers.

The business value of security

With the right security, banks’ online portals can become an integrated part of this trend towards high-value, high-touch customer service. It can also take care of many more low-value transactions and enable completely new lines of business. Opportunities include:

• Top-of-wallet effect. Studies show that a cardholder’s spending increases by 3% when his card is top-of-wallet. Increased e-commerce security can help you increase online spending and the usage of your cards.
• Fraud and dispute reduction. Banks tell us that see a 60-70 percent reduction in fraud, when they use a security solution for online shopping.
• Increased online shopping and banking. In many countries, people are reluctant to transact online in the first place because of a lack of trust. Removing these barriers, even in more developed countries, can increase the volume of online transactions.
• Self-service. In Western Europe, shifting a customer from the branch to the online bank may generate cost saving of as much as €10 per transaction.
• Electronic invoicing. Banks process millions of utility bill payments every month for gas, water, electricity and phone companies. Typically, utility companies pay around €1 per invoice per customer. Imagine if banks used their security and authentication services to automate invoicing and increase the uptake of electronic bill payment. This could reduce utility companies’ costs, increase bank profits, simplify payments and make life easier for customers.
• Reselling identity. A tax return costs the government more than €2 per citizen. If the bank could provide this for half of the cost, bank may, is a win-win situation for both the bank and the government.
• Generation Y. The Facebook generation don’t even want to visit their bank, unless they can do it online. Banks that don’t offer trustworthy online services may see younger customers defect to faster-moving rivals.

Trust and confidence are valuable assets for banks. Back in the nineteenth century, banks invested in lavish marble halls and iron strong rooms to encourage deposits. Today, in the 21st century, robust authentication and trustworthy online services have the same role. If banks want to attract customers, upsell new services and out-compete their rivals, they need good security. It’s not just a cost of business. It’s good for business.